Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/3231322e37342e35372e302f32342d3234203d3e20383334.roa
File:                     3231322e37342e35372e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          dKBLkRTWqUKTf8phBaP8X+cczeHR0GxHn8mR2UKtLMI=
Subject key identifier:   B6:CB:9D:B5:31:C6:75:75:1C:CE:CB:EA:D5:DA:DE:2E:AC:A6:11:14
Certificate issuer:       /CN=4b3aca3a7c652a9faf8e4e119bd2f7bf54afde76
Certificate serial:       7A435DC11AC045C954A6C024D8AD7FD71FD1D103
Authority key identifier: 4B:3A:CA:3A:7C:65:2A:9F:AF:8E:4E:11:9B:D2:F7:BF:54:AF:DE:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SzrKOnxlKp-vjk4Rm9L3v1Sv3nY.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/3231322e37342e35372e302f32342d3234203d3e20383334.roa
Signing time:             Wed 25 Feb 2026 03:22:18 +0000
ROA not before:           Wed 25 Feb 2026 03:17:18 +0000
ROA not after:            Wed 24 Feb 2027 03:22:18 +0000
asID:                     834
IP address blocks:        212.74.57.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/4B3ACA3A7C652A9FAF8E4E119BD2F7BF54AFDE76.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/4B3ACA3A7C652A9FAF8E4E119BD2F7BF54AFDE76.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SzrKOnxlKp-vjk4Rm9L3v1Sv3nY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 16:07:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7a:43:5d:c1:1a:c0:45:c9:54:a6:c0:24:d8:ad:7f:d7:1f:d1:d1:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4b3aca3a7c652a9faf8e4e119bd2f7bf54afde76
        Validity
            Not Before: Feb 25 03:17:18 2026 GMT
            Not After : Feb 24 03:22:18 2027 GMT
        Subject: CN=B6CB9DB531C675751CCECBEAD5DADE2EACA61114
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:15:dd:6a:ea:67:0b:d4:d0:6d:0f:f1:15:a0:
                    46:2e:9c:1e:77:f0:15:df:7c:d0:23:d2:c0:84:a1:
                    e0:a8:31:74:b8:51:31:b6:e7:93:f5:49:12:81:6f:
                    23:06:a9:12:b1:67:bc:04:ad:fd:63:5f:2c:e2:a9:
                    f9:b4:c4:68:51:23:79:dd:6b:ff:57:1d:e0:3a:46:
                    2b:54:03:34:f3:26:9b:97:b2:09:85:82:07:c9:29:
                    87:66:53:70:e8:81:bd:36:27:9c:3c:09:aa:44:07:
                    95:94:45:08:05:78:d5:78:12:b8:ce:6f:bd:2e:b6:
                    19:c8:e1:7e:89:99:63:26:7c:c7:fd:26:7a:5d:4f:
                    22:30:09:58:1f:ea:a7:ef:05:1f:e4:58:b4:59:6e:
                    26:f5:a1:8c:e6:6f:f9:34:31:9d:a1:da:96:18:e6:
                    d3:45:b6:f7:63:ab:6f:da:4a:89:b5:75:7d:28:cd:
                    d3:21:73:68:ec:09:2d:96:d3:35:a8:ad:29:84:e1:
                    fb:41:f0:d0:f5:bc:a0:ae:67:d2:bd:fe:d1:87:ef:
                    87:6f:7f:91:53:d2:a3:db:39:26:74:07:6c:bf:6c:
                    a0:f1:4e:8b:26:50:bd:c9:36:bc:9e:7c:b9:7c:d9:
                    fc:1f:4b:33:2f:68:ff:4d:ba:a9:d5:d9:6f:08:df:
                    1d:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:CB:9D:B5:31:C6:75:75:1C:CE:CB:EA:D5:DA:DE:2E:AC:A6:11:14
            X509v3 Authority Key Identifier:
                keyid:4B:3A:CA:3A:7C:65:2A:9F:AF:8E:4E:11:9B:D2:F7:BF:54:AF:DE:76

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/4B3ACA3A7C652A9FAF8E4E119BD2F7BF54AFDE76.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SzrKOnxlKp-vjk4Rm9L3v1Sv3nY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/3231322e37342e35372e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.74.57.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:27:ee:e7:bb:a2:ae:58:5c:bd:82:b0:00:16:7c:fc:d7:45:
         04:e6:f7:59:c1:68:40:a8:ab:a5:89:1d:4c:ae:ae:45:2a:48:
         5a:6b:38:a9:85:a4:54:29:66:eb:19:c3:91:a2:e4:98:19:99:
         5c:2d:e6:aa:0c:57:ef:94:c0:02:d1:f6:1f:6a:5e:ee:94:07:
         43:c2:e4:05:33:40:ad:29:90:cd:bc:4b:03:0e:56:a0:e0:df:
         be:c7:42:27:09:65:4e:c4:ad:5d:9e:5d:b7:f0:20:7a:de:da:
         4b:b6:3b:32:49:bb:7f:73:ef:a9:64:8d:57:93:7b:97:23:4a:
         cb:6a:7c:c6:29:a2:9c:38:c9:d0:a5:f5:a2:70:16:69:b4:e7:
         76:c3:b4:bd:72:b6:e0:75:db:56:f8:71:08:ea:c0:43:b7:36:
         86:79:7b:f7:f7:8b:f2:a3:de:5c:9d:b0:c2:82:9f:fa:d3:c1:
         4a:7f:08:91:c6:14:b2:b6:2c:e3:7e:1b:19:64:4d:20:ad:0a:
         14:b3:39:c3:8e:72:e8:3c:b6:fd:5b:d8:e4:2f:08:6e:e5:82:
         86:fe:49:6e:05:8a:4f:2a:40:2e:d3:4b:5a:ce:4d:de:ed:38:
         c5:a5:a1:16:73:fd:f7:0e:ee:1a:44:b6:a5:0c:d3:d9:38:b5:
         69:cb:f3:a5
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUekNdwRrARclUpsAk2K1/1x/R0QMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGIzYWNhM2E3YzY1MmE5ZmFmOGU0ZTExOWJkMmY3YmY1
NGFmZGU3NjAeFw0yNjAyMjUwMzE3MThaFw0yNzAyMjQwMzIyMThaMDMxMTAvBgNV
BAMTKEI2Q0I5REI1MzFDNjc1NzUxQ0NFQ0JFQUQ1REFERTJFQUNBNjExMTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxFd1q6mcL1NBtD/EVoEYunB53
8BXffNAj0sCEoeCoMXS4UTG255P1SRKBbyMGqRKxZ7wErf1jXyziqfm0xGhRI3nd
a/9XHeA6RitUAzTzJpuXsgmFggfJKYdmU3Dogb02J5w8CapEB5WURQgFeNV4ErjO
b70uthnI4X6JmWMmfMf9JnpdTyIwCVgf6qfvBR/kWLRZbib1oYzmb/k0MZ2h2pYY
5tNFtvdjq2/aSom1dX0ozdMhc2jsCS2W0zWorSmE4ftB8ND1vKCuZ9K9/tGH74dv
f5FT0qPbOSZ0B2y/bKDxTosmUL3JNryefLl82fwfSzMvaP9NuqnV2W8I3x3PAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUtsudtTHGdXUczsvq1dreLqymERQwHwYDVR0j
BBgwFoAUSzrKOnxlKp+vjk4Rm9L3v1Sv3nYwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMGQ4NTRjNzctZmQ4Yi00MjVhLWJkNTUtODJlMWQ3ZmFh
NzgyLzAvNEIzQUNBM0E3QzY1MkE5RkFGOEU0RTExOUJEMkY3QkY1NEFGREU3Ni5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1N6cktPbnhsS3AtdmprNFJtOUwzdjFT
djNuWS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMGQ4NTRjNzct
ZmQ4Yi00MjVhLWJkNTUtODJlMWQ3ZmFhNzgyLzAvMzIzMTMyMmUzNzM0MmUzNTM3
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1Eo5MA0G
CSqGSIb3DQEBCwUAA4IBAQBoJ+7nu6KuWFy9grAAFnz810UE5vdZwWhAqKuliR1M
rq5FKkhaaziphaRUKWbrGcORouSYGZlcLeaqDFfvlMAC0fYfal7ulAdDwuQFM0Ct
KZDNvEsDDlag4N++x0InCWVOxK1dnl238CB63tpLtjsySbt/c++pZI1Xk3uXI0rL
anzGKaKcOMnQpfWicBZptOd2w7S9crbgddtW+HEI6sBDtzaGeXv394vyo95cnbDC
gp/608FKfwiRxhSytizjfhsZZE0grQoUsznDjnLoPLb9W9jkLwhu5YKG/kluBYpP
KkAu00tazk3e7TjFpaEWc/33Du4aRLalDNPZOLVpy/Ol
-----END CERTIFICATE-----